Direct signing or encryption of data using RSA is meaningless: RSA is way too slow for such operations. Of course you can create a function which will split the input stream into 112-byte chunks (max. size for 128-bit RSA) and encrypt them one by one. However, such a format won't be handled by any other software and, as you will find out soon, will take too long for practical implementation.

So the correct approach is not to reinvent the wheel and to use industry-standard formats such as PKCS#7.

Eugene Mayevski wrote:
Direct signing or encryption of data using RSA is meaningless: RSA is way too slow for such operations. Of course you can create a function which will split the input stream into 112-byte chunks (max. size for 128-bit RSA) and encrypt them one by one. However, such a format won't be handled by any other software and, as you will find out soon, will take too long for practical implementation.

So the correct approach is not to reinvent the wheel and to use industry-standard formats such as PKCS#7.

I see. Basically, I have to write a Java Card applet for storing the private key that can encrypt data I send from the host computer. By no means can I let this private key be stored on the host computer. Is there a way of doing this using PKIBlackBox?

I am not sure that I understood your question. What particular operations do you want to perform with PKIBlackbox? If you are asking about encryption of data using the key stored on the card, then the answer is yes, if the device supports the PKCS#11 interface. There exist other interfaces such as PC/SC or PKCS#15, but we don't support them for various reasons.

Eugene Mayevski wrote:
I am not sure that I understood your question. What particular operations do you want to perform with PKIBlackbox? If you are asking about encryption of data using the key stored on the card, then the answer is yes, if the device supports the PKCS#11 interface. There exist other interfaces such as PC/SC or PKCS#15, but we don't support them for various reasons.


OK, so if I have a key on the card that supports the PKCS#11 interface, can I encrypt an arbitrary array of data? Because the keys on my card are RSA keys. Basically I need to secure my channel with the key stored on the card and the remote server.


To be exact, I have to send a message to the web server that is encrypted with a key on the card. The server would decrypt the message, do some logic, encrypt the response, and send the response back.

Hi,
Yes, I understand that, but unfortunately I still don't know how I can establish a secure channel from my host application to the remote server using the certificate from the smart card. I tried doing it manually with SOAP extensions, signing the request with the certificate from the smart card and then encrypting the whole message with the server's certificate public key, and the server would do the opposite.
But now, as you said RSA encryption is meaningless, I'm back to square one. Any help or guideline on using your components would be highly appreciated. As you can see, I'm having trouble with the architectural design of the whole system, because if I get an idea, I don't know if it's implementable.

You are mixing up "certificate" and "RSA key". A certificate is a higher-level entity than a key, and so is certificate-based encryption compared to RSA encryption. Low-level RSA encryption is meaningless (except for short blocks such as session keys for symmetric encryption), but you've been offered to use certificate-based encryption and signing using TElMessageSigner / TElMessageEncryptor / TElMessageVerifier / TElMessageDecryptor. They can be used with a certificate and private key residing on a PKCS#11-compliant smart card, and you can accomplish your task trivially by just using those classes.

Eugene Mayevski wrote:
You are mixing up "certificate" and "RSA key". A certificate is a higher-level entity than a key, and so is certificate-based encryption compared to RSA encryption. Low-level RSA encryption is meaningless (except for short blocks such as session keys for symmetric encryption), but you've been offered to use certificate-based encryption and signing using TElMessageSigner / TElMessageEncryptor / TElMessageVerifier / TElMessageDecryptor. They can be used with a certificate and private key residing on a PKCS#11-compliant smart card, and you can accomplish your task trivially by just using those classes.


Hi

But when I stored the certificate on the card, I associated it with an RSA private/public key pair. Would this mean that I can't encrypt messages because the certificate is using the RSA keys (1024 bits)? I initialized these certificates using OpenSC.